Tuesday, April 29, 2025
HomeMalware87 fake Minecraft mods reached up to 990,000 Android users spotted on...

87 fake Minecraft mods reached up to 990,000 Android users spotted on Google Play Store

Published on

SIEM as a Service

Follow Us on Google News

Malicious Apps hosted in Google play store is a never ending process, researchers from Zsclarer and ESET reported dozens of the app that contain aggressive adware strains.

These fake mods reached up to 990,000 installs and they were split into two categories

  • ad-displaying downloader – Android/TrojanDownloader.Agent.JL.
  • App to redirect the user to scam websites – Android/FakeApp.FG.

 Android/TrojanDownloader.Agent Functionality

These components only have necessary modules for installation, once it launched it seeks for admin permission.

- Advertisement - Google News

If admission permission provided it will launch “INSTALLER MOD” to install additional modules “Block Launcher Pro” with several admin rights.

Upon installing it brings the user to dead end – a static Minecraft-themed screen with no clickable elements displayed on the screen,14 apps impersonating Minecraft mods with up to 80,000 installs has been discovered by ESET.

87 fake Minecraft mods reached up to 990,000 Android users spotted on Google Play Store
Device locked Add from ESET

Android/FakeApp.FG Functionality

It just uses the old trick, once it launched it shows the download button. If the user clicks the download button it will take them to scam websites showing a various range of advertisements.

Remaining 73 apps fall into this category and they have reached up to 910,000 installs before they reported.

87 fake Minecraft mods reached up to 990,000 Android users spotted on Google Play Store
Scam displayed upon clicking Download button Source: ESET

ZScaler reported 12 apps

Four out of the 12 applications that were accounted for this suspicious activity have been downloaded in between 10,000 to 50,000 times.

In order to hide from Google’s Antivirus system, these apps will not show any activity for first six hours.

These apps once installed will communicate with the predefined C&C server to get instructions. The C&C server issue commands to the app to display various advertisements on the device.

  • Full-screen ads
  • Open a link in mobile browser
  • Launch a YouTube video
  • Launch an already installed app on the phone
  • Create a new shortcut on the home screen for a given URL
ZScaler said “Most of the apps in this report are examples of source code piracy. The app with the package name com.ndk.taskkiller, for example, is a pirated version of com.batterysaver.taskkiller”.

Common Defences 

  • To stay secure use a reputable mobile security solution to detect and remove the threats.
  • Do download apps only from the official market.
  • Before downloading, check for the number of installs, ratings and, most importantly, the content of reviews.

How to clean the infection

  • If infected by the ad-displaying downloader, first deactivate administrator permission and then you can uninstall the application.
  • With Scam, it’s simple just you need to uninstall it.

Also Read:

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Blinded from Above: How Relentless Cyber-Attacks Are Knocking Satellites Out of Sight

According to the Center for Strategic & International Studies' (CSIS) 2025 Space Threat Assessment,...

Google Chrome Vulnerability Allows Attackers to Bypass Sandbox Restrictions – Technical Details Revealed

A severe vulnerability, identified as CVE-2025-2783, has been discovered in Google Chrome, specifically targeting...

Threat Actors Accelerate Transition from Reconnaissance to Compromise – New Report Finds

Cybercriminals are leveraging automation across the entire attack chain, drastically reducing the time from...

ResolverRAT Targets Healthcare and Pharmaceutical Sectors Through Sophisticated Phishing Attacks

A previously undocumented remote access trojan (RAT) named ResolverRAT has surfaced, specifically targeting healthcare...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

RansomHub Ransomware Deploys Malware to Breach Corporate Networks

The eSentire’s Threat Response Unit (TRU) in early March 2025, a sophisticated cyberattack leveraging...

Advanced Multi-Stage Carding Attack Hits Magento Site Using Fake GIFs and Reverse Proxy Malware

A multi-stage carding attack has been uncovered targeting a Magento eCommerce website running an...

Hannibal Stealer: Cracked Variant of Sharp and TX Malware Targets Browsers, Wallets, and FTP Clients

A new cyber threat, dubbed Hannibal Stealer, has surfaced as a rebranded and cracked...